CUNA seeks clarity on the California Consumer Privacy Act (CCPA) rules so credit unions can properly comply. The law’s definition of “business” needs further clarification, CUNA wrote, as the definition in the bill does not address not-for-profit status.
CUNA also seeks additional guidance on the “doing business in California” requirements, as the vast majority of credit unions are outside of California and likely do not seek to serve California residents.
“Some businesses with few customers in California may elect not to serve customers who live in the state, but credit unions cannot easily do this as they, by law, cannot close member share accounts without a vote of the membership of the credit union – a process that is involved and impractical for this purpose,” the letter reads. “A company should be allowed to serve a de minimis number of California residents without meeting the “doing business in California” requirements to allow for isolated instances where a business, such as a credit union, must provide services to California residents by law, yet does not seek to market itself in California or open accounts for California residents.”
Other CUNA recommendations include: